漏洞描述
一些Wavlink产品受到一个漏洞的影响,该漏洞可能允许未经身份验证的远程用户以root用户身份在Wavlink设备上执行任意命令。用户输入未正确消毒允许通过登录请求中的“key”参数注入命令。它已经在Wavlink WN575A4和WN579X3设备上进行了测试,但其他产品可能会受到影响。
Wavlink 未授权 RCE(CVE-2020-13117)
PoC代码
暂无相关漏洞推荐
- wavlink-router-live-api-cgi-rce: WavLink Router Live API cgi RCE
- POC CVE-2020-10973: WAVLINK - Access Control
- POC CVE-2020-12124: WAVLINK WN530H4 live_api.cgi - Command Injection
- POC CVE-2020-12127: WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
- POC CVE-2020-13117: Wavlink Multiple AP - Remote Command Injection
- POC CVE-2021-44260: WAVLINK AC1200 - Information Disclosure
- POC CVE-2022-2486: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2487: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-2488: Wavlink WN535K2/WN535K3 - OS Command Injection
- POC CVE-2022-30489: Wavlink WN-535G3 - Cross-Site Scripting
- POC CVE-2022-31845: WAVLINK WN535 G3 - Information Disclosure
- POC CVE-2022-31846: WAVLINK WN535 G3 - Information Disclosure
- POC CVE-2022-31847: WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure